Thursday, June 13, 2024

IBM QRadar SIEM Vulnerability Enables XSS Attack and Information Disclosure

IBM QRadar is a popular SIEM (Security Incident and Event Management) tool organizations use to detect and monitor threats.

The IBM QRadar SIEM can be used in the form of a physical appliance, a software-only solution, or a virtual appliance.

As of 2023, It is being used by over 1130 companies worldwide as part of their SIEM.

IBM discovered three new vulnerabilities in the IBM SIEM and CVEs, and necessary fixes were also released.

These vulnerabilities were related to Cryptography, XSS, and information disclosure which was discovered by IBM’s Security Ethical Hacking team.

IBM QRadar SIEM Flaw

CVE-2023-26276: Weak Cryptographic Algorithm

This vulnerability exists due to the use of a weaker or expected cryptographic algorithm in the QRadar tool, which could allow a threat actor to decrypt highly sensitive information.

This vulnerability was given a CVSS Score of 5.9 (medium)

CVE-2023-26274: Cross-Site Scripting (XSS)

An attacker can exploit this vulnerability to embed arbitrary JS code in the Web UI that can alter the functionality that can lead to credentials disclosure through XSS on a trusted session.

This vulnerability was given a CVSS Score of 4.6 (medium).

CVE-2022-34352: Information Disclosure

This vulnerability allows a delegated Admin tenant with a specific domain security profile to see other domain data.

This vulnerability was given a CVSS Score of 6.5 (medium).

Affected Products

Affected Product(s)Version(s)
IBM QRadar SIEM7.5.0 – 7.5.0 UP5

Remediation and Fix

ProductVersionRemediation/First Fix
IBM QRadar SIEM7.5.0 7.5.0 UP6

There are no workarounds or mitigations available. IBM recommended all its users patch their IBM QRadar SIEM by upgrading it to the latest version.

“AI-based email security measures Protect your business From Email Threats!” – .


Latest articles

CISA Warns of Scammers Impersonating as CISA Employees

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge...

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles